Re: Domain password change policy
From: Sion Church (anonymous_at_discussions.microsoft.com)
Date: 03/04/04
- Next message: Steven L Umbach: "Re: Prevent users from changing domain name"
- Previous message: kruthy: "HELP - Upgrading W2K GP to W XP GP problems - KB 307900"
- In reply to: Steven L Umbach: "Re: Domain password change policy"
- Next in thread: Kevin Stanush: "Re: Domain password change policy"
- Reply: Kevin Stanush: "Re: Domain password change policy"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 4 Mar 2004 11:14:39 -0800
Steve - thank you for your advise. Much appreciated.
>-----Original Message-----
>W2003 allows you to change multiple user accounts as you
need to in bulk,
>but Windows 2000 does not unless you use a scripting
solution that I do not
>know of offhand. However there is a third party tool from
Somar called Hyena
>that I believe can do this and they have a free fully
functional download
>time limited trial version.
>
>Keep in mind that when you enable the change, any
passwords already older
>than the new setting will immediately expire and users
will not be able to
>logon until they change there passwords, and mapped
drives/Sheduled tasks
>will fail. You will want to communicate this to users
well ahead of time and
>if you are using any password length/complexity
requirements let them know
>what they are and show examples. Also encourage users to
change their
>passwords to the new standards ahead of time and maybe
force a group of
>users to it early to see what complications arise
[including domain
>misconfigrations not allowing users to change passwords]-
you do not want to
>have 400 users all have to do it at the same time one
Monday morning.
>
>I don't know the best way offhand to get a report of
users password age.
>"net user username" gives some of that info or use the
Acctinfo.dll as
>described in the link below which can give you extra info
on a users account
>properties in AD. By default users will be notified 14
days in advance of
>when their password will expire in security
policy/security options which
>can be changed. I would also suggest enabling audting of
account logon
>events for Domain Controller Security Policy and auditing
of logon events
>[not the same as account loon events] on any domain
computers offering
>shares to domain users. You can then view the security
log in Event Viewer
>to look for failed logon problems. You will also need to
substantially
>increase the size of the security log from default.
Event Comb as
>described in the second link can be used to scan multiple
domain computers
>for events in the security log. --- Steve
>
>http://www.systemtools.com/hyena/hyena_frame.htm
>http://www.microsoft.com/downloads/details.aspx?
FamilyId=7AF2E69C-91F3-4E63-8629-
B999ADDE0B9E&displaylang=en
>http://tinyurl.com/a5zj -- same link as above, shorter
in case of wrap.
>
>"Simon Church" <anonymous@discussions.microsoft.com>
wrote in message
>news:67d001c4018d$cf529990$a401280a@phx.gbl...
>> Hello,
>>
>> we have a windows 2000 AD domain with 400+ users.
>> Currently, we have no domain password change policy in
>> place and are about to implement one. In order to do
so, I
>> need help with the following:
>> - all user accounts have the setting "password never
>> expires" enabled and some also have the setting "user
>> cannot change password" enabled. Is there a way that I
can
>> deselect these settings on all the user accounts without
>> having to do into each one individually?
>> - once I have implemented a maximum age for passwords,
is
>> there a way that I can monitor the ages of passwords for
>> all accounts in AD?
>>
>> Please advise.
>>
>> Thanks,
>>
>> Simon
>
>
>.
>
- Next message: Steven L Umbach: "Re: Prevent users from changing domain name"
- Previous message: kruthy: "HELP - Upgrading W2K GP to W XP GP problems - KB 307900"
- In reply to: Steven L Umbach: "Re: Domain password change policy"
- Next in thread: Kevin Stanush: "Re: Domain password change policy"
- Reply: Kevin Stanush: "Re: Domain password change policy"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
